It is interesting to note that the vast majority of security vulnerabilities affected software not used on servers: The Mozilla browser/email suite, Gaim instant messenger, xpdf, etc. Some of the server vulnerabilities would require certain user input to be exploited, such as running Links or Lynx, calling libtiff, or running a malicious binary. Others require less common setups such as Perl's suidperl or Bluetooth drivers, or local shell access.

Nothing is completely secure, but Red Hat Enterprise Linux, configured well and kept updated, has a very good track record so far.